uniform guidance: internal control - ed guidance: internal control ... high unit costs ... systems...

Uniform Guidance: Internal Control

U.S. Department of Education

OCFO/Financial Improvement Operations

Uniform Guidance Goals and Key Take-Aways

Internal Control

2 C.F.R. 200.303 Internal Controls are elevated as an accountability measure

Understanding Key Internal Control Elements

Maintain effective internal controls to provide reasonable assurance

Standards for Internal Control in the Federal Government

Key areas of emphasis: Allowability, Monitoring, Functions/Operations

Internal Control Tool-kit


Internal Control: Reasonable Assurance

Internal Controls give reasonable assurance that the

organization will achieve its objectives through

Effective and efficient operations

Reliable reporting

Compliance with applicable laws and regulations


Internal Control: Through and Through

Five components of

Internal controls


Defining Internal Control Those processes by which you assure objectives are achieved

efficiently, effectively, and with reliable, compliant reporting:

A Control Environment that sets the tone for the organization.

A Risk Assessment process that involves the identification and analysis of

relevant risks.

Control Activities that include the policies and procedures that help ensure

management directives are carried out and documented.

Information and Communication systems or processes that support the

exchange of information.

Monitoring processes used to assess the quality of internal control

performance over time.


Internal Control: Crucial Accountability

The elevated the role of internal control:

Creates a transparent system of accountability for decision

making around federal funds.

This system of accountability applies equally to Federal Agencies,

grantees, and sub-recipients.

While internal controls are not new to the financial world

They may be new to folks working on program implementation.


How It Works: Financial Management

Assessable units/functions must be able to:

Identify all Federal award inflows and outflows

Produce financial and performance results of each

award/program

Maintain records showing the source and use of funds

Compare actual expenses with budgeted expenses

Document allowability procedures

Control Environment

Type of Control Definition Examples Tone at the Top Demonstrate a commitment to the organization’s integrity and ethical values. Directives

Tone at the Top Demonstrate a commitment to the organization’s integrity and ethical values. Policies

Tone at the Top Demonstrate a commitment to the organization’s integrity and ethical values. Lead by example

Oversight Oversight Body who oversees management’s design, implementation, and operation of the organization’s internal control system. Board of Directors

Oversight Oversight Body who oversees management’s design, implementation, and operation of the organization’s internal control system. Management Team

Oversight Oversight Body who oversees management’s design, implementation, and operation of the organization’s internal control system. Chief State School Officer

Commitment to Competence Management establishes expectations of competence on recruiting, developing, and retaining personnel. Position Descriptions

Commitment to Competence

Management establishes expectations of competence on recruiting, developing, and retaining personnel. Position Descriptions

Commitment to Competence Management establishes expectations of competence on recruiting, developing, and retaining personnel. Required skills and certifications

Accountability Personnel’s responsibilities. Day-to-day decision making

Accountability Personnel’s responsibilities. Roles and responsibilities

Accountability Personnel’s responsibilities. Lines of Authority

Risk Assessment


Risk Assessment

Internal Controls – Examples of Risk Considerations

Complexity of the process

Level of manual intervention

Fraud risk

Management override

Non-routine transactions

Management by a third party;

History of audit issues

Changes in laws/regulations

Human capital management

Control Activities

Type of Control Definition Examples

Preventive Control that helps management to avoid issues before they occur. Training

Preventive Control that helps management to avoid issues before they occur. Review and Approval Process

Preventive Control that helps management to avoid issues before they occur. Segregation of Duties

Detective Control that discover issues after they occur. Reconciliation

Detective Control that discover issues after they occur. Trace Transaction to Source Document

Detective Control that discover issues after they occur. Monitor Actual vs. Budget

General (IT) Policies and procedures that apply to all or a large portion of an organization’s IT systems. Security Management

General (IT) Policies and procedures that apply to all or a large portion of an organization’s IT systems. Logical and Physical Access

General (IT) Policies and procedures that apply to all or a large portion of an organization’s IT systems. Configuration Management

Application (IT) Control that is incorporated into computer applications to ensure data accuracy and integrity. Edit Checks for Input Data

Application (IT) Control that is incorporated into computer applications to ensure data accuracy and integrity. Interface

Application (IT) Control that is incorporated into computer applications to ensure data accuracy and integrity. Data Management System Control

Information and Communication

Management communicates relevant and timely information to support the internal control system

Factor Description

Audience • The targeted recipients of the information anticipated to be delivered.

Nature of Information • The type of information being communicated.

Availability • The accessibility of information to the audience.

Cost • The amount of resources needed to communicate the information.

Monitoring

Management performs evaluations to ensure the design and operation of controls are efficient and effective

Common Terminology Description/Examples

Ongoing Monitoring •Day-to-day management oversight

Ongoing Monitoring •Regular comparisons and reviews (leverage automated tools)

Separate Evaluations •Internal/external audits

Separate Evaluations •Periodic self-assessments based on risk (control testing and evaluation)

Control Deficiency •A potential or actual internal control issue or an opportunity to strengthen the organization’s internal control system.

Corrective Action •Action item planned by management to remediate identified internal control deficiencies in a specific time frame.


Where Do Internal Controls Live?

Specific functions/processes

Payments/cash management

Compensation/personnel expenses

Procurement

Property management

Financial monitoring

Subrecipient monitoring


Determining Allowability

Basic standards for allowability remain the haven’t changed:

Necessary, reasonable, allocable, and documented

The documentation tells the story

Reconstruct the story of a particular use of funds then clear determination is possible.

The more difficult it is to reconstruct the story, the more you will have to rely on other mechanisms to ensure proper use of funds.

Factors Affecting Allowability

2 CFR §200.403

Generally a

cost is

reasonable if

it is:

Reasonable in its nature, and does not exceed that

which would be spent by a “prudent person”

Necessary for the performance of the Federal

Award

Conforms to limitations/exclusions in the law or the

Uniform Guidance

Comparable to market prices for the geographic

area

Factors Affecting Allowability

2 CFR §200.403

Generally a

cost is

reasonable if

it is:

Treated consistently as a direct, rather than indirect,

charge

Accounted for in accordance with Generally

Accepted Accounting Principles

Consistent with State/local procurement rules

Not included as a cost or used to meet cost sharing

or matching requirements

Adequately documented

Reasonable

2 CFR §200.404

In determining

reasonableness

you must

consider:

Whether the cost is of a type generally recognized

as ordinary and necessary for the award

Market prices for comparable goods or services for

the geographic area

Whether Individual acted with prudence in the

circumstance

The degree to which the entity follows established

practices and policies regarding the incurrence of

costs

Allocable

2 CFR § 200.405

In determining

allocability you

must consider

whether:

It can be assigned to a particular cost objective

Purchased for a particular award

Necessary to implement the objectives of the grant

The item of cost proportionally benefits two or more

projects or activities, that cost should be allocated to

the projects based on the benefit received


Discussion Time! Given a Function…

Accounting

Payment System

Property

Standards/System

Procurement

Standards/System,

System for Monitoring

and Reporting Program

Performance

Make an argument for why your function is most

important to the efficiency and effectiveness of a grantee

Mitigating Strategies

Additional control activities put in place to

mitigate risk presented

Those additional controls are called

compensating controls.

Compensating controls are a type of control

used to discover, prevent, and or mitigate

mistakes.


Examples of Compensating Controls

Segregation of duties :

One employee responsible for ensuring allowability based either

on program law or uniform guidance,

One person to do the accounting portion of the job, and

One person responsible for signing the checks.

Segregation of duties can be difficult for businesses with small

staffs. Compensating controls, in this case, may include

maintaining and reviewing decision making logs and

supporting documentation.


How to Identify Opportunities for TA

Program Performance Reporting

Compare accomplishments to objectives for time period

Quantified where applicable

With trend analysis, if available

If objectives were not met, the reasons why

Other pertinent information, e.g., Cost overruns, High unit costs

Site-Visits


Sources of Data to Inquire About Internal

Control

Program Reporting – Fiscal Monitoring

Examine source data

Information in the Department’s G5 Grant System

Expenditure Reports

Budget Submission

Other Financial Reports

Single State Audits

Source Documents


Systems to Inquire About Internal Control

Record Retention and Access

Retain for three years after submission of final expense report:

Financial records

Supporting documents

Statistical records

Other grantee records

Access should be timely and reasonable



Sub-recipient Monitoring

Grantees must monitor the activities of

Contractors

Vendors

Sub-recipients




Grantees must evaluate the risk of sub-recipient activities,

especially considering

Prior experience with similar sub-awards

Results of audits

New or substantially changed systems of the sub-recipient

Imposition of specific sub-award conditions may be

warranted




Grantees must monitor the performance of subrecipients

Review of financial and programmatic reports

Follow-up to ensure identified deficiencies/findings are remediated

Issue determinations related to audit findings

Grantees should offer training and assistance to subrecipients

where needed

Time and Effort: Flexible and Accountable

Internal Controls Poster Child

New flexibility: “system of internal control” for documenting personnel compensation:

Requirements for personnel compensation are found at 2 CFR 200.430-431

Alternative accounting processes are allowable for sampling in-time distribution reporting

Federal agencies may approve alternative accounting methods for blended funds


Walk-thru of Tool-kit

The toolkit includes:

A glossary of terms, common language, associated with the internal controls

field.

A “quick check” document that can facilitate an initial self-assessment.

A second tier self-assessment to hone in on problematic areas.

An example of a procurement flow chart which includes a series of questions

you might ask yourself in assessing a aspects of an example procurement

process. These questions are illustrative of the type of analysis you should

conduct. In determining the allowability of expenditures involving Federal funds.

Template to use as a starting point in documenting the organization’s internal

control system.


Tool Kit: Glossary


Tool Kit: Manager’s Quick Check


Tool Kit: Self Assessment (6 pages)


Tool Kit: Process Map with Questions


Tool Kit: Control Environment Questions


Tool Kit: Risk Assessment Questions


Tool Kit: Control Activities Questions


Tool Kit: Information Questions


Tool Kit: Monitoring Questions


Tool Kit: Process Map sample


Tool Kit: Internal Control Guidance


Tool Kit: Assessible Unit Process Form

Resources

Your Department program officer

The Department’s one-stop shop for information: Uniform Guidance Technical Assistance for ED Grantees

Includes links to COFAR, OMB and EDGAR

Includes FAQs

Includes specific crosswalks between Parts 74 and 80 of EDGAR and the Uniform Guidance

Email questions to: [email protected]

http://www2.ed.gov/policy/fund/guid/uniform-guidance/index.html

http://www2.ed.gov/policy/fund/guid/uniform-guidance/index.html

mailto:[email protected]